TrueCrypt honeypot: Revisited

Discussion in 'privacy technology' started by JackmanG, Sep 9, 2013.

  1. JackmanG
    JackmanG Former Poster

    So it seems that every year a thread comes along linking to a particular blog post posing the question of TrueCrypt being a honeypot, and outlining the (at best) circumstantial evidence. Here it is in 2010. Here it is again in 2011, and here in 2012. (There may be even more).

    Given recent developments, (and the fact that even in all those threads, aside from this post, no one fully addressed the points made directly), I'd like to revisit this piece.

    First, in his recent "guide to staying secure" piece for The Guardian, Bruce Schneier admitted to using TrueCrypt. On his blog, he elaborated, explaining that he is just playing the odds...and TC "is less likely to be backdoored than either PGP Disk (what I was previously using) or BitLocker".

    This kept discussion of the program alive and well in the comments of the blog. One commenter in particular has posted multiple times (on multiple blog entries) a listing of "suspicious" aspects of the background surrounding TC (much like the one mentioned above that keeps popping up here in the forum).

    Given this continued debate, I figure this is worthy of another visit.

    In the original thread, the blogger actually came and listed his points here in the forum, so we can easily address each one:

    So what? As one commenter pointed out on Schneier's blog, the same people who point that out are also happy to ask: "Would the US-government leave a US-company like Truecrypt in peace and do nothing while they develop 'uncrackable' encryption?"

    Answer: maybe not. Which is why such developers would have an interest in being anonymous, no? (Ever read the history of PGP and how Zimmermann was targeted? Why wouldn't developers want to avoid that?)

    You can't have it both ways. Either they should be happy to have the world know who they are and that they are designing encryption that is confounding governments, which then makes their secrecy suspicious, or it makes perfect sense, and they're smart enough to realize that not everyone would take kindly to the work they're doing.

    a) I'm sorry, have we never heard of freeware before?

    Granted, in the blog post, he claims it's just two developers doing everything on TC. This is hard to believe...but I've never heard this anywhere else, nor do I know how it would be confirmed, especially given point #1 (again, you can't have it both ways).

    b) There's been a huge donation banner on every page of the TC site for as long as I can remember. With a ranking in the top 30k sites on the entire www, I imagine traffic is enough to garner a decent payout (particularly when you consider typical donation behavior, with random large donations from people who have the money and interest in backing projects/causes they support.)

    c) Have you looked at the release history? It's not exactly like new versions are coming out every 90 or even 180 days.

    I'm not sure what this is supposed to prove. If he just means more pieces or steps are needed over the years as development takes place, I don't see how this is out of the ordinary. The program is nearly a decade old. And as he admits, it's complex. Is there some reason it should get easier to compile?

    He also states: "it is exceedingly difficult to generate binaries from source that match the binaries provided by Truecrypt". I'm not sure where this comes from. TC binaries are digitally signed. It is basically impossible to generate binaries that would match those provided on the site. This is not news, and is openly stated in the TC documentation. Obviously, the binaries have to be signed to be installable on Windows systems, and obviously if they're signed, any hash generated by the binaries is not going to match a hash from a binary you compile yourself, even if the source is the same.

    a) Even though the blog post was published in late 2010, this is an argument even older than that, and one which at least some have argued was made moot, even as early as 2009.

    b) Even supposing the license is restrictive...what does this prove again, exactly?

    This is simply not true, and I don't know if the author is simply ignorant of any of the reviews that have taken place, or is simply being disingenuous just to help his article.

    As I mentioned here, the Ubuntu Privacy Remix team, for example, has been analyzing the source code since version 4.2a. As far as I know, they're the ones who exposed the behavior difference of the way the program fills the last 65024 bytes of the header in Linux vs. Windows. Here's their latest writeup.

    Here's a 2008 technical analysis from a French organization.

    And f-ing Bruce Schneier published a paper actually breaking the deniable encryption feature of version 5.1a. Again, that was in 2008...a full two years before this guy posted his article. No excuses.

    Those are just notable ones I know of off the top of my head. I'm sure if one were properly motivated (say, I don't know, doing research for a blog article), one could likely find more. Not only that, but even if you couldn't, I really don't see how someone could claim it's "never been reviewed", just because you didn't happen to find one.

    And finally, as has been brought up many times, (and as the author himself offers an example of in the article) there are multiple cases of government agencies at virtually every level being unable to crack TC volumes. If they have some backdoor, or some practical cryptanalysis...they sure are letting a bunch of decently significant cases out the door in the name of keeping it a secret.

    (And really...if keeping a backdoor a secret was really a priority, do you honestly believe the federal government couldn't hide how they got the data?) We already know agencies have covered up and lied about their methods and sources before.

    They could easily say the encryption wasn't implemented properly, or that they were given the keys or that the suspect accidentally revealed information that allowed them to guess, or that they were simply weak keys...or that the encryption was some different cipher, known to be much easier to break...or even that there was no encryption of the files at all. (Who's going to even hear the criminal call them liars, let alone believe him, a convicted felon?) And what's more, how exactly is this backdoor kept a secret when it actually is used? Why can't they just hide it that way, and use it all the time?

    The only reason I see for saying they couldn't break the encryption of a suspected child pornographer...is that it is the truth (and they need permission from the court to use other methods to gain the intel/evidence needed against him).

    I'll grant this is a bit odd, but not totally unheard of. Look at the censorship in these forums. Posts are edited and content removed and threads deleted without warning all the time. And not because it's blatant spam or malicious behavior...but because it's simply "off topic"...or because it touches on a subject that doesn't jibe with the set "rules". Does that mean Wilders is a CIA front?


    I'm all for finding a reason to not use TrueCrypt (or any other security software for that matter). Truth be told I hope you can't, but if one does exist, I'd surely like to know about it so I can stop using it sooner rather than later. So if there is one, please give it to me. But extremely-circumstantial evidence (at best) and outright falsehoods at worst, aren't going to suffice.
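Added example, not part of the original thread and not TrueCrypt's own tooling: the first post notes that a signed release binary will not hash the same as a self-compiled one. The Python sketch below hashes a Windows PE file while skipping the regions Authenticode leaves out of its own digest (the checksum field, the certificate-table directory entry and the certificate table itself), so a signed and an unsigned copy of the same image can be compared. The sample images and the helpers `build_sample` and `attach_signature` are constructed for the demonstration, and the sketch does not reproduce Authenticode's section ordering or account for other build differences such as timestamps.

```python
import hashlib
import struct


def signature_regions(pe: bytes):
    """Return sorted (start, end) byte ranges that Authenticode skips when hashing."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20                 # optional header follows the 20-byte COFF header
    if len(pe) < opt + 2:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                      # PE32
        dirs = opt + 96
    elif magic == 0x20B:                    # PE32+
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    if len(pe) < dirs:
        raise ValueError("truncated optional header")
    checksum = opt + 64                     # CheckSum field, same offset in both formats
    regions = [(checksum, checksum + 4)]
    (num_dirs,) = struct.unpack_from("<I", pe, dirs - 4)
    if num_dirs > 4:                        # directory index 4 is the certificate table
        cert_entry = dirs + 4 * 8
        if len(pe) < cert_entry + 8:
            raise ValueError("truncated data directories")
        cert_off, cert_size = struct.unpack_from("<II", pe, cert_entry)
        regions.append((cert_entry, cert_entry + 8))
        if cert_size:
            if cert_off + cert_size > len(pe):
                raise ValueError("certificate table runs past end of file")
            regions.append((cert_off, cert_off + cert_size))
    return sorted(regions)


def digest_without_signature(pe: bytes, algo: str = "sha256") -> str:
    """Hash the image with every signature-related region left out."""
    h = hashlib.new(algo)
    pos = 0
    for start, end in signature_regions(pe):
        h.update(pe[pos:start])
        pos = end
    h.update(pe[pos:])
    return h.hexdigest()


def file_sha256(data: bytes) -> str:
    """Plain whole-file hash, the value usually published next to a download."""
    return hashlib.sha256(data).hexdigest()


def build_sample(code: bytes) -> bytes:
    """Constructed, minimal PE32 header plus payload; hypothetical test input only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    body = code + b"\0" * (-len(code) % 8)             # keep the image 8-byte aligned
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


def attach_signature(pe: bytes, blob: bytes) -> bytes:
    """Mimic what signing changes: checksum, directory entry, appended blob."""
    (checksum, _), (cert_entry, _) = signature_regions(pe)[:2]
    out = bytearray(pe)
    struct.pack_into("<I", out, checksum, 0xDEADBEEF)  # constructed checksum value
    struct.pack_into("<II", out, cert_entry, len(pe), len(blob))
    return bytes(out) + blob


if __name__ == "__main__":
    unsigned = build_sample(b"\x90" * 64)
    signed = attach_signature(unsigned, b"CONSTRUCTED-SIGNATURE-BLOB")
    print("file hashes equal:      ", file_sha256(unsigned) == file_sha256(signed))
    print("signature-free equal:   ",
          digest_without_signature(unsigned) == digest_without_signature(signed))
```
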
  2. Reality
    Reality Registered Member

    Thank you, thank you, thank you for posting this.

    I have been doing a massive amount of reading daily, for some time now, to freshen up and get my head around all that which is to do with privacy/security. Encryption included, which I totally admit I have only just started to get a concept on. TC is in my arsenal, but I haven't started using it yet as I'm still learning about it and RTM and I want to do it right. Therefore, this thread is of much interest to me.

    I read a post somewhere on BS's blog and saw a comment saying TC is compromised (backdoored). I thought Oh no!!! this too? but thankfully I DO know there's a confusion of voices out there, but unless you're frequenting places and forums like this you're not going to know who to believe for a good while at least.

    May I say what comes to mind at this point?

    Out of the sum total of every single person who uses the internet, how many would have any concept at all of being able to check and verify for themselves that they were actually secure? ( I'm talking in general and certainly including TC, about understanding the general settings and features in their (security) programmes as opposed to "setting it and forgetting it". I bet the percentage is extremely minimal! :doubt: )

    How many people have heard about encryption at all, let alone begin to understand it?

    I thought if something is open source it is also supposed to be absolutely open to be scrutinized in every way. Therein it is stated (and made sense to me), lies the safety. The only problem is if most people haven't even heard of encryption, how many would be able to verify code etc? As such, how many people are in the position to really be able to feel safe on the grounds of their own knowledge?

    I would suggest aside from techos there's going to be a woefully small amount of people who aren't going to have to "trust" for want of a better word, others to do this for them.

    Just some thoughts.
  3. JackmanG
    JackmanG Former Poster

    But try and name a facet of life in which this isn't true.

    We as a species have advanced to a point at which we are doing things that no single person could ever understand. (See Matt Ridley's famous TED talk on this. It's excellent).

    The ability for a human life to be so comfortable, and so impactful...is due almost entirely to the advancements that come from specialization...the very specialization that makes it literally impossible for a person to be both entirely self-sufficient and maintain a modern standard of living.

    The point being, everyone has to "trust" the expertise and recommendations of other people all the time. Technophiles may be able to handle their own computer security...but do they know what makes a car safe? Can they crawl into the bowels of an automobile and confirm it's road ready for their children? (And even if they could...would they have the time to do it for every single auto they wanted to test drive?)

    Can automobile engineers diagnose their own illnesses, and understand what pharmaceutical concoctions would best treat their ailment? Do they know what would be the proper course of action for someone who is suffering from secondary drowning? Could they perform their own brain surgery?

    Physicians may understand biology and chemistry and how it applies to the human body in terms of health...but can they audit the construction of their house? Can they confirm for themselves that the architecture is sound, and the walls will actually support the ceiling?

    I could go on forever. We all trust the judgement of people who know more than us in virtually every facet of our lives. It just works so well that you live your comfortable life and barely even notice it...let alone think about it.
  4. Taliscicero
    Taliscicero Registered Member

    TrueCrypt Daniel Dantas Seal of Approval :thumb:

  5. Reality
    Reality Registered Member

    Taliscicero, :thumb: would be nice though if there's something more recent.

    Trust under duress/compunction/coercion without knowing/being able to obtain the facts, is not really trust at all. At best it's presumption. That's why people often say on boards like these "trust no-one" and rightfully so. They're not being paranoid but using common sense. In the true sense of the word, trust is earned, not decided upon where there's a lack of prior knowledge about enough surrounding facts, something which is much harder to obtain online.

    So, yes your (real world) examples are correct, but I see these same examples where trust is gained, is done so by other things making it much more easy to substantiate the facts and hence be comfortable with your decision.

    To make an accurate comparison you have to compare apples with apples. You can't do that with real world situations and the general but devastating invasion of our privacy online. The two are worlds apart.

    Because of this "forced trust" there's little or no other choice but to "assume" the best will happen. Of non-tech people you ultimately have 2 groups of people emerge out of this situation... those who will go off the grid (it's actually possible) or simply throw caution to the wind, using excuses like "if you've got nothing to hide then what's the worry".... It's not called the World Wide Web for nothing and in the end the latter category will "net" a catch full to overflowing. Unfortunately.

    All that said, back to TC. OK, so I've learnt that the best way to encrypt decrypt is to do everything on your local computer. Since I can't read code, I want to know who to trust that there's no backdoors, and/or methods to use that are doable for noobs.
  6. JackmanG
    JackmanG Former Poster

    I'm sorry, the "invasion of our privacy online" is not a real situation?

    I'm sorry...what?
  7. LockBox
    LockBox Registered Member

    Great post, Jackman.

    Let me present one thought....

    Even if TC were to be a project funded by some western intelligence agency, we'd probably never know. Any "backdoor" would never be used in murder cases, child pornography investigations, on and on, not only because the forensics people wouldn't know about it, the prosecutors wouldn't know about it, but very, very few people would know about its existence.

    I've argued many times that Truecrypt has proved its value with so many drives sitting in prosecutors' offices still encrypted. In most every real-world scenario, Truecrypt is due its well-deserved value and reputation - even if it is a project of an intelligence agency.

    So, why would any government fund and surreptitiously distribute an application like Truecrypt? And why would we want to use it? The idea would have had to be "Let's do this thing, get it into as many hands as possible, make it the go-to application for encryption worldwide and roll the dice that if there is ever a computer with doomsday information encrypted, it's encrypted with Truecrypt." In other words, from the very beginning it could have been developed to assure that odds are fair-to-good (and with luck - even better) that mega-threats to world peace, humanity, fill-in-the-blank, if encrypted, is done with their application. Period.

    To ruin it all with it being used for anything less than to prevent a (in foreign policy speak) "spectacular" terrorist event, would make no sense. With luck, it could be used more than once, twice, even longer depending on need-to-know when push comes to shove.

    I'm not saying that's what's going on. Just that if it is, unless you're involved in planning the end of the world as we know it - it probably wouldn't matter anyway.
  8. Reality
    Reality Registered Member

    I didn't say real situation, but real world situation ... meaning, I was drawing a parallel between online and offline....as in, you have more things at your disposal to make judgements about people you know and see, as opposed to the much more difficult prospect of correctly judging "cyber" relationships.


    Sorry I wasn't very clear. I was speaking generally here that eventually there's (enough) evidence that pops up to verify that something's believable or hasn't been backdoored or otherwise fiddled with. As for methods, again, speaking generally about helpful tips for newbies that verify something like (in this case) encryption is working.
  9. JackmanG
    JackmanG Former Poster

    That would make for a good movie MacGuffin, but in reality I just find it too hard to believe. It's basically one of those "conspiracy of all conspiracies" kind of things in which to debunk one conspiracy theory, an even greater one is devised.

    It's not unlike the "Official Story TM" of so many of the classic assassinations. Every one of these guys were total failures at virtually everything in their lives...total loners, no real motivation, etc...but each one was wildly successful at this one thing...often times pulling off ballistics maneuvers that even seasoned experts would admire (and that sometimes even the laws of physics can't explain).

    This is a place where Occam's razor actually comes into play. The notion of TC being a government plot for noble, benevolent purposes...is the biggest conspiracy theory of all. (And by that I mean, the hardest to believe and the least likely.)
  10. JackmanG
    JackmanG Former Poster

    So wait a minute...you're telling me that you "know and see" the engineer, the manufacturer, and the builder of your car? All three of those guys "gain your trust" through the facts you glean from interacting with them on a regular basis? Or do you actually climb into a 2000 lb. death trap of metal and plastic, filled with one of the most combustible liquids known to man, and pilot it to over 70mph based on the trust of the whole process (and those at each link in the chain)?

    I think you're taking a lot of things for granted so as to ignore the fact that you can take things for granted.


    I still don't understand. Your entire post was the argument that you basically cannot trust anyone unless you interact with them personally long enough for them to "gain your trust". You said it yourself: "trust no one". And then in your very next paragraph, on here, an online, anonymous Internet forum, you ask us, a bunch of anonymous strangers literally from anywhere in the world "who can I trust?". That's even more ironic than asking a masked man who he is.

    You are now trying to claim "eventually there's (enough) evidence that pops up to verify that something's believable" and are asking for "helpful tips for newbies to verify encryption is working"...when, again, you yourself admitted that since you can't read code, you have no way of knowing any of that stuff. How exactly do you presume to know this "evidence" is valid, when you cannot trust anyone, and lack the skill to verify it yourself? And how exactly does a "newbie" who lacks the skill to verify encryption, utilize a "helpful tip" to, quite simply, accomplish something he lacks the skill to do in the first place?

    And how do you know what evidence to trust if you can't trust anyone's assessment of it?

    You see the corner you've painted yourself into? You're only proving me correct: "We all trust the judgement of people who know more than us in virtually every facet of our lives. It just works so well that you live your comfortable life and barely even notice it...let alone think about it."

    You can claim computer technology is somehow unique and that everything else is "worlds apart" all you want, but the reality is, Reality, that you trust your health, your property, your life (and that of your family) to strangers you have not and will never meet...every single day.
  11. LockBox
    LockBox Registered Member

    Jackman, It's really not that far-fetched. In fact, reading just a few good books on WW II history would show that it's actually very plausible. Not to mention, entire corporations have been birthed and nurtured for years by intelligence agencies in order to secure contracts for work that they set that company up to be the best at. Sounds like a movie - but it happened. Sounds too fantastic - just like my TC scenario. Which, by the way, I just threw out there and don't necessarily subscribe to.
  12. JackmanG
    JackmanG Former Poster

    Examples?
  13. LockBox
    LockBox Registered Member

    Your response tells me you're either much younger than I thought, or long on cryptographic knowledge - but short on history. History is actually full of examples internationally.

    Have you ever read William Shirer's The Rise & Fall of the Third Reich?

    The most notorious example(s) would be Siemens and the many corporate spin-offs that were wholly run by German intelligence.

    There are others, even in the United States, that have their roots in the intelligence community and the capital was straight from black box funds from the CIA/DIA/NSA.

    Remember who one of the biggest anonymizing proxy services was around 2000/2001? It was an outfit called SafeWeb that was talked about and recommended highly by many right here on this forum. It is an oft-cited example, within intelligence circles today, of intelligence-run operations being "outed" on the web. The world had changed faster than Langley realized and they were not able to keep up. Turned out that SafeWeb was masterminded and run by In-Q-Tel, which was outed as a front for the Central Intelligence Agency --- game over and SafeWeb was history.

    In-Q-Tel is a minor example, but within our realm of discussion here. Much else and we'll be called on for political discussion. There is one particularly good example closely tied to the first Gulf War that had a life expectancy of the end of that conflict - but is highly successful in its industry to this day. Stuff from the movies.

    The place to start though for modern corporate black ops is any scholarly history of WWII.

    Movies got their ideas from history - not the other way around.
  14. Tipsy
    Tipsy Registered Member

    If intelligence agencies are running TrueCrypt as a honeypot, why they do not update it for Windows 8 by now?
    That seem much too clever trick.
    Because of this, it seem very unlikely it is a honeypot operation that was started by government.*

    Someone post here that maybe it could be that they make TrueCrypt as a tool for worst-case scenario and never use it until no other choices, ticking bomb. But history show that is not how modern government act with weapons or powerful technology.

    *On the other hand, maybe TrueCrypt started out as a personal freeware project by techies or hackers, BUT government later infiltrate them or turn them and NOW TrueCrypt is indirectly under control of government. This I could believe is possible. Or if not government, maybe could be Russian Mafia or other criminals. Could be.
  15. mlauzon
    mlauzon Registered Member

    PGP definitely has backdoors, the reason why I say this, you could find a book in reference libraries back in the '90s -- and they are probably still around -- that had the complete PGP source code, so by now, there are backdoors.
  16. JackmanG
    JackmanG Former Poster

    The Germans were setting themselves up to build railroads for the Third Reich almost a full century before the party even existed? That's some serious planning. And yes I'm definitely too young to remember the birth of that company. I wasn't born until the 1860s.


    Oh it was "outed" was it? You mean when it was chartered in 1999 at the request of the Director of CIA and with the support of Congress? Or when the government published a paper titled "A New Partnership Between the CIA and the Private Sector" in the Defense Intelligence Journal the next year? Or when Business Executives for National Security published "The Report of the Independent Panel on the CIA In-Q-Tel Venture" the year after that? Or how about when Harvard Business School put out a case study in 2004?

    What in the hell are you talking about? The history of In-Q-Tel and SafeWeb is nothing like the setup you originally described. And it wasn't a "front" for the CIA, In-Q-Tel was always known to be a CIA joint venture. It was even covered by national newspapers and news programs essentially right when it was being chartered.

    Do you even know what you're talking about?


    Bologna. This isn't politics...this is privacy straight up and down...we're literally talking about companies allegedly set up under false pretenses for security reasons.

    (Or at least, that's what we're supposed to be talking about)...you keep talking as if examples abound, yet you've provided only two names, both of which do not match the description you started with at all.


    Such as? Instead of continuing to just tell me that all these examples exist, can't you just name them?

    If you're so much older, and wiser, and knowledgeable, and these examples of "entire corporations [that] have been birthed and nurtured for years by intelligence agencies in order to secure contracts for work that they set that company up to be the best at" are just so numerous...why can you not name a single one?
  17. JackmanG
    JackmanG Former Poster

    :blink:
    I...uh...Is this supposed to be a joke?
  18. LockBox
    LockBox Registered Member

    Jackman,

    I like your posts here. Really. When you check your ego at the door, they add a lot to the discussion. However, when I take on .5% of your attitude - you lose it. Do you not realize how condescending you are at this forum? It is indefensible. It is narcissistic to the extreme and you rarely fail to pull someone into your clashes and grandiose illusions. It's bizarre as to why you even bother to post here.

    As for In-Q-Tel, is this really the place to explain its history? To pounce on one wrong word? It wasn't In-Q-Tel that was outed as a front, it was SafeWeb. In-Q-Tel simply secretly hid their investment - until outed. When it was discovered - SafeWeb was history.

    If you think for a minute that you're going to start playing mind games with me about WWII history and the dates of this and then - you're as wrong as one could be. Read my original post again and you'll see where you got confused and discovered what you thought was a date mistake on my part.

    Sorry I don't hyperlink throughout my posts in an attempt to mimic Bruce Schneier. Is your identical posting "style" supposed to be making us wonder if you....if you...might be Bruce himself? You both have similar egos that's for sure. You both know how to showboat and dish out a condescending style of writing, while not being able to take it - or be called-out on it. So, who knows? My best guess is you learned from the master showboat in the field - by reading his blog. The master of riding a career for years on one book, and being the first crypto "guru" to brand himself on the Internet. Overrated, he is. Overrated, you are. Whatever. Can you write three consecutive posts without the name "Schneier?"

    My post stands exactly as I wrote it. I stand by every word except that one word, but I had already said it was SafeWeb that was outed.

    You remind me of the playground bully. I'll make this familiar: Check here, here, and here.

    Have a good night.
  19. JackmanG
    JackmanG Former Poster

    Thanks :thumb:

    Well, yeah...I mean, isn't that like, exactly what we're talking about?

    If that's what it was, a simple mistake, then no problem. I accept that.

    I'm not sure what you're talking about here.

    ? I'm not sure what you're talking about here either.

    You said "entire corporations have been birthed and nurtured for years by intelligence agencies in order to secure contracts for work that they set that company up to be the best at"...

    When I asked for examples of that, you claimed that "History is actually full of examples internationally" and that "The most notorious example(s) would be Siemens and the many corporate spin-offs that were wholly run by German intelligence."

    So as a recap, "history is full of examples" of "entire corporations have been birthed and nurtured for years by intelligence agencies in order to secure contracts for work that they set that company up to be the best at", and "The most notorious example(s) would be Siemens and the many corporate spin-offs."

    Siemens was founded (aka "birthed") as Siemens & Halske by Werner von Siemens in October 1847.

    WWII started in 1939... 92 years (aka "almost a century") later.

    What did I get confused, exactly?


    Take what? What have I "not been able to take"? And how is that, exactly? I'm honestly not sure what you mean.


    Really?! I didn't know I was rated at all! YEsss! :D


    Yes.
    (I could provide links, but then you'd think I was trying to be...you know who.)


    That's fine, aside from that there really isn't anything wrong with it, other than the fact that it provides literally no examples of what you originally described. You actually spend more time claiming how there are so many examples, than you would if you would actually just list some.


    Could you please do that? I'm honestly interested. If there's something cool like that in this realm that I don't know about, I'd certainly like to learn about it. But so far you've done virtually everything to claim there's all these examples out there...except for actually naming any.

    You say they're so numerous, and you make it sound like they're so well known. It should be quite easy for you to name some. Could you please do that?

    What are some of these entire corporations [that] have been birthed and nurtured for years by intelligence agencies in order to secure contracts for work that they set that company up to be the best at?
  20. Enigm
    Enigm Registered Member

    It is not 'condescending' to know what you are talking about and pointing out that others don't. And it isn't 'arrogant' either.
    Anyone who knows just a bit about encryption can't help to notice that A LOT of people running their mouths online DON'T HAVE A ~ Snipped as per TOS ~ CLUE!

    What IS 'condescending' and 'arrogant' is to pull out your pocket-version of 'Psychology for Dummies' and giving people diagnoses...
    What are you, a psychiatrist??
    Last edited by a moderator: Sep 10, 2013
  21. mattdocs12345
    mattdocs12345 Registered Member

    It's grandiose delusions and not illusions.
  22. Reality
    Reality Registered Member

    No Jackman you don't get what I'm trying to say.

    You come on here expecting your level of knowledge is going to give you a free pass to be as rude and disrespectful as you like.

    I'm here to see if I can understand certain things and learn enough for it to be of benefit, and while I do so this most certainly does not mean I've painted myself into a corner. Nor do I expect the level of condescension you seem happy to engage in.

    I make NO apologies for the things I don't understand yet, or my level of knowledge, nor am I backward in coming forward about the level my understanding is at. The last time I looked, this forum did NOT exclude newbies so GET OVER IT and most of all GET OVER YOURSELF.

    Like the rules say, give people the benefit of the doubt, and knowing that you seem to have a reputation for disrupting/upsetting others, I still did that. Well get this: I don't care what you think you know and can prove, when it is exceeded by your level of arrogance then it's not worth listening to. You come across as being so far up yourself only your legs are hanging out. There's nothing wrong with respectfully disagreeing and holding to your point but to attack people's character, vilify them, and pedantically labour points beyond the ridiculous is uncalled for. Your narcissism and arrogance are STAGGERING. I totally agree with Lockbox. The only way to deal with bullies is to stand up to them. I hope everyone you vilify stands up to you.
  23. Palancar
    Offline

    Palancar Registered Member

    Well this thread is a decent read but the "tone" is not typical for this forum. Usually we all try to help each other and of course express an opinion, which we are entitled to have. Both sides deserve the respect of realizing what we are discussing here is opinion.

    I stake my own protection on the integrity of PGP/GPG and TrueCrypt with the following caveat:

    (I am not trying to start any rumors here, just explain my rationale)

    PGP: I have explicit trust in Zimmermann and use 6.5.8 for 32-bit Windows. He is the master and that is the last pre-911 release of the product. Totally open source at that point and it's proven beyond compare - benchmark version. For 64-bit I use gpg open pgp only (open source and the latest version creates strong keys with nice implementation).

    TrueCrypt: I still use 6.3a because I compiled it myself and made wanted mods. It's a version from several years ago but it meets, in fact exceeds, any expectations and requirements I have ever had.

    Rationale: it makes sense to me that IF a security product started with "no holes" in it, that it would draw attention and ire from large/agency adversaries over time. Now, assuming that the more vintage version fulfills my needs, why not use it to avoid the remote possibility that a "third party" has entered the picture behind the scenes? Fully realizing that there is a differing viewpoint, I acknowledge that position, and merely present my rationale. I have been involved with security and encryption from its inception.
  24. JackmanG
    Offline

    JackmanG Former Poster

    I kind of already told you that. Please see my post again, where I literally said "I still don't understand."

    I went on to explain why you are confusing, because your entire post was the argument that you basically cannot trust anyone unless you interact with them personally long enough for them to "gain your trust". And then in your very next paragraph, on here, an online, anonymous Internet forum, you ask us, a bunch of anonymous strangers literally from anywhere in the world "who can I trust?".

    This makes no sense to me. It is blatantly contradictory.

    Further, you then tried to claim "eventually there's (enough) evidence that pops up to verify that somethings believable" and asked "helpful tips for newbies to verify encryption is working"...

    Again this makes no sense. How exactly do you presume to know this "evidence" is valid, when you cannot trust anyone, and lack the skill to verify it yourself? And how exactly does a "newbie" who lacks the skill to verify encryption, utilize a "helpful tip" to, quite simply, accomplish something he lacks the skill to do in the first place?

    And how do you know what evidence to trust if you can't trust anyone's assessment of it?

    You claim I'm misunderstanding you. But you seem to be making yourself quite clear. What I don't understand is how you saddle yourself with these contradictory positions simultaneously. Orwell called this "doublethink".

    If you feel like you can explain this and make any sort of logical sense of it, please do.


    Not at all. Quite the contrary, in fact. It is those who are ignorant who expect to be given a free pass when they spout nonsense as a result of talking on things they know little to nothing about. (And then get upset and indignant when they don't receive that pass...as we're seeing in this thread.)


    Most people learn through asking questions and posing hypotheticals...not by asserting their opinions which are rooted in little more than ignorance, and instead presenting them as fact.


    No one said that you trying to understand things and learn is what means you painted yourself into a corner. It's the fact that you've painted yourself into a corner, that means you painted yourself into a corner.

    Straw men are just running rampant around here, aren't they?


    ? Who asked you to do that? Certainly not me. But a famous economist once said:

    "It is no crime to be ignorant of economics, which is, after all, a specialized discipline and one that most people consider to be a 'dismal science.' But it is totally irresponsible to have a loud and vociferous opinion on economic subjects while remaining in this state of ignorance."

    The same goes for security and security technology.


    Do I? Should I provide some links to people saying "thank you"? How about the second post in this very thread?
  25. Reality
    Offline

    Reality Registered Member

    Jackman, you still don't get it, do you? You are so condescending you can't see past your own nose. Never mind, narcissism is like that, it blinds you with arrogance and continually builds strawmen. I can't be bothered with people who play around with words, and nor do I need to enter into a nitpicking session dissecting and bisecting endless sentences and conjecture about intended meanings. As they say, don't feed the trolls.

    Thanks Palancar for this, as even though I'm fairly new here, it's what I've gathered, other than Jackman's inordinate propensity to pick other people to pieces.

    Great, and thanks for your angle on this.